3816 matches found
ImageMagick: Multiple vulnerabilities
Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. Note that CVE-2012-1185 and CVE-2012-1186 were issued due...
Pango: Multiple vulnerabilities
Background Pango is an internationalized text layout and rendering library Description Multiple vulnerabilities have been discovered in Pango. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to load specially crafted text usi...
Rack: Multiple vulnerabilities
Background Rack is a modular Ruby web server interface. Description Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a...
Ettercap: Multiple vulnerabilities
Background Ettercap is a suite of tools for content filtering, sniffing and man in the middle attacks on a LAN. Description Multiple vulnerabilities have been discovered in Ettercap: Ettercap does not handle temporary files securely CVE-2010-3843. A format string flaw in Ettercap could cause a...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a...
X.Org X Server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could execute arbitrary...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code...
libSRTP: Denial of service
Background libSRTP is an Open-source implementation of the Secure Real-time Transport Protocol. Description A flaw was found in how the cryptopolicysetfromprofileforrtp function applies cryptographic profiles to an srtppolicy in libSRTP. Impact A remote attacker could exploit this vulnerability t...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
WeeChat: Multiple vulnerabilities
Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Two vulnerabilities have been discovered in WeeChat: The hookprocess function does not properly handle shell expansions CVE-2012-5534. WeeChat does not properly decode colors which could...
Asterisk: Denial of service
Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details. Impact A remote attacker could possibly cause a Denia...
udisks: Arbitrary code execution
Background udisks is an abstraction for enumerating block devices and performing operations on them. Description A stack-based buffer overflow can be triggered when udisks is given a long path name as a mount point. Impact A local attacker could possibly execute arbitrary code with the privileges...
OpenSSL: Information Disclosure
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL: OpenSSL incorrectly handles memory in the TLS...
Mesa: Multiple vulnerabilities
Background Mesa is an OpenGL-like graphic library for Linux. Description Multiple vulnerabilities have been discovered in Mesa. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cau...
CUPS: Arbitrary file read/write
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some “dangerous” directives like the logfilenames, which enable them to read or write fil...
libproxy: User-assisted execution of arbitrary code
Background libproxy is a library for automatic proxy configuration management. Description A boundary error when processing the proxy.pac file could cause a stack-based buffer overflow. Impact A man-in-the-middle attacker could provide a specially crafted proxy.pac file on a remote server, possib...
OptiPNG: User-assisted execution of arbitrary code
Background OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. Description A use-after-free vulnerability exists in the palette reduction functionality of OptiPNG. Impact A remote attacker could entice a user to open a specially crafted imag...
Crack: Arbitrary code execution
Background Crack is a really simple JSON and XML parsing Ruby gem, ripped from Merb and Rails. Description An XML parameter parsing vulnerability has been discovered in Crack. Impact A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service...
OpenAFS: Multiple vulnerabilities
Background OpenAFS is an client-server program suite for federated file sharing and replicated content distribution. Description Multiple vulnerabilities have been discovered in OpenAFS. Please review the CVE identifiers referenced below for details. Impact An attacker could potentially execute...
PlRPC: Arbitrary code execution
Background The Perl RPC Module is a Perl module that implements IDL-free RPCs. Description PlRPC uses Storable module for serialization and deserialization of untrusted data. Deserialized data can contain objects which can lead to loading of foreign modules, and possible execution of arbitrary...
libupnp: Arbitrary code execution
Background libupnp is a portable, open source, UPnP development kit. Description Multiple buffer overflow vulnerabilities have been discovered in libupnp. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
grep: User-assisted execution of arbitrary code
Background grep is the GNU regular expression matcher. Description An integer overflow flaw has been discovered in grep. Impact An attacker could entice a user to run grep on a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial...
GNU Emacs: Multiple vulnerabilities
Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs: When ‘global-ede-mode’ is enabled, EDE in Emacs automatically loads a Project.ede file from the project directory CVE-2012-0035. When...
QtCore: Denial of service
Background The Qt toolkit is a comprehensive C++ application development framework. Description A vulnerability in QXmlSimpleReader’s XML entity parsing has been discovered. Impact A remote attacker could entice a user to open a specially crafted XML file using an application linked against QtCor...
file: Denial of service
Background file is a utility that guesses a file format by scanning binary data for patterns. Description A flaw was found in the way the file utility determines the type of a file. Impact A remote attacker could entice a user to open a specially crafted file, possibly resulting in a Denial of...
LibYAML: Arbitrary code execution
Background LibYAML is a YAML 1.1 parser and emitter written in C. Description A heap-based buffer overflow flaw was found in the way libyaml parsed YAML tags. Impact A remote attacker could provide a specially-crafted YAML document which when parsed by LibYAML, would cause the application to cras...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open-source web browser project. V8 is Google’s open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A context-dependent...
ArgyllCMS: User-assisted execution of arbitrary code
Background ArgyllCMS is an ICC compatible color management system that supports accurate ICC profile creation for scanners, cameras and film recorders. Description Multiple integer overflow vulnerabilities have been discovered in the ICC Format Library in ArgyllCMS. Impact A remote attacker could...
Chrony: Multiple vulnerabilities
Background Chrony is a pair of programs which are used to maintain the accuracy of the system clock on a computer. Description Multiple vulnerabilities have been discovered in Chrony. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a...
pidgin-knotify: Arbitrary code execution
Background pidgin-knotify is a Pidgin plug-in to display message notifications in KDE. Description pidgin-knotify does not properly sanitize shell metacharacters from received messages. Impact A remote attacker could send a specially crafted instant message, possibly resulting in execution of...
libXfont: Multiple vulnerabilities
Background libXfont is an X11 font rasterisation library. Description Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact A local attacker could use a specially crafted file to gain privileges or cause a Denial of Servi...
libtar: Arbitraty code execution
Background libtar is a C library for manipulating POSIX tar files. Description An integer overflow error within the “thread” function when processing long names or link extensions can be exploited to cause a heap-based buffer overflow via a specially crafted archive. Impact A remote attacker coul...
libTIFF: Multiple vulnerabilities
Background libTIFF provides support for reading and manipulating TIFF Tagged Image File Format images. Description Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
TCPTrack: Arbitrary code execution
Background TCPTrack is a simple libpcap based program for live TCP connection monitoring. Description A heap-based buffer overflow vulnerability exists in TCPTrack’s parsing of command line arguments. This is only a vulnerability in limited scenarios in which TCPTrack is “configured as a handler...
OpenSSL: Denial of service
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description A flaw in the ssl3takemac function can result in a NULL pointer dereference. Impact A remote attacker cou...
GnuPG, Libgcrypt: Multiple vulnerabilities
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Libgcrypt is a cryptographic library based on GnuPG. Description Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt. Please review the CVE identifiers referenced below for...
libssh: Arbitrary code execution
Background libssh is a C library providing SSHv2 and SSHv1. Description Multiple buffer overflow, double free, and integer overflow vulnerabilities have been discovered in libssh. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial o...
KVIrc: Multiple vulnerabilities
Background KVIrc is a free portable IRC client based on Qt. Description Multiple vulnerabilities have been discovered in KVIrc. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, cause ...
GNU Midnight Commander: User-assisted execution of arbitrary code
Background GNU Midnight Commander is a text based file manager. Description GNU Midnight Commander does not properly sanitize environment variables. Impact A remote attacker could entice a user to open a specially crafted archive file using GNU Midnight Commander, possibly resulting in execution ...
Xpdf: User-assisted execution of arbitrary code
Background Xpdf is an X viewer for PDF files. Description Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition. Workaround Ther...
Roundcube: Arbitrary code execution
Background Roundcube is a browser-based multilingual IMAP client with an application-like user interface. Description A vulnerability in steps/utils/savepref.inc allows remote attackers to use the session parameter to change configuration settings. Impact A remote attacker could possibly execute...
FreeType: Multiple vulnerabilities
Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could entice a user to open a specially crafted font, possibly...
International Components for Unicode: Denial of service
Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenc...
DjVu: User-assisted execution of arbitrary code
Background DjVu is a web-centric format and software platform for distributing documents and images. Description A vulnerability has been discovered in DjVu. Please review the CVE identifier referenced below for details. Impact A remote attacker could entice a user to open a specially crafted DjV...
PAM S/Key: Information disclosure
Background PAM S/Key is a pluggable authentication module for the OpenBSD Single-key Password system. Description Ulrich Müller reported that a Gentoo patch to PAM S/Key does not remove credentials provided by the user from memory. Impact A local attacker with privileged access could inspect a...
PulseAudio: Insecure temporary file usage
Background PulseAudio is a sound system for POSIX OSes. Description The pamakesecuredir function in core-util.c does not handle temporary files securely. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application...
Apache mod_fcgid: Arbitrary code execution
Background Apache modfcgid is a binary-compatible alternative to modfastcgi with better process management. Description Apache modfcgid fails to perform a boundary check on user-supplied input, potentially resulting in a heap-based buffer overflow. Impact A remote attacker can supply a crafted...
Links: Denial of service
Background Links is a web browser which runs in both graphics and text modes. Description An integer overflow vulnerability was found in the parsing of HTML tables in the Links web browser when running in graphical mode. Impact A remote attacker could possibly cause a Denial of Service condition...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A...
Freeciv: User-assisted execution of arbitrary code
Background Freeciv is an open-source empire building strategy game. Description The Lua component of Freeciv does not restrict which modules may be loaded by scenario scripts. Impact A remote attacker could entice a user to open a specially crafted scenario file, possibly resulting in execution o...